CVE-2024-48895 Vulnerability Details

  /     /     /  

CVE-2024-48895 Metadata Quick Info

CVE Published: 20/11/2024 | CVE Updated: 20/11/2024 | CVE Year: 2024
Source: jpcert | Vendor: Rakuten Mobile, Inc. | Product: Rakuten Turbo 5G
Status : PUBLISHED

CVE-2024-48895 Description

Improper neutralization of special elements used in an OS command (\'OS Command Injection\') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.

Metrics

CVSS Version: 3.1 | Base Score: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-78
CWE Name: Improper neutralization of special elements used in an OS command ( OS Command Injection )
Source: Rakuten Mobile, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-48895 Vulnerability Details